<?php // Redirect Page Script
// Created by Leo @ Indeedle
// http://indeedle.com/tutorials/redirectpage
// Created on 2/06/09

/* This page will check the passed URL to see if it's valid, check it against a whitelist (autoredirect if so) or blacklist (deny access),
and then make sure it's not redirecting somewhere else. 
If it is it will attempt to display the true link (as in where the user will end up).*/

require_once('inc.checkurl.php'); // Include the function file

/* CUSTOMIZEABLE OPTIONS */
/**
 * Set value as FALSE if you want to print out an error code if the script fails (validation etc...) (good for debugging)
 * Otherwise enter a string URL of a page to redirect to.
 *
 */
define('RDTI_REDIRECT_ON_FAIL', false);//'http://indeedle.com/');
define('RDTI_REDIRECT_ON_MALFORMED', false);//'http://indeedle.com/');
define('RDTI_DEFAULT_SCHEME', 'http://');
define('RDTI_EXAMINE_INDEPTH', true); // True to hunt for the link, false to only check once
define('RDTI_DEPTH', 5); // How deep should links be followed before we give up? (Larger number, possible larger loading time)

$whitelist = array('indeedle.com');
$blacklist = array('.tk', 'ripway.com'); // This is our blacklist, you can popular it however you want

// Stop editing here! Unless you know what you're doing :)

/* Functions */
/**
 * Echo out error messages in the same format, you can modify this to make it look how you want. 
 * Just echo whatever HTML in the function
 *
 * @param string $message The actual error message to display
 */
function prettyErrorPrint($message)
{
	echo "<p>{$message}</p><p><a href=\"javascript:history.back()\">Go Back</a></p>";
	exit;
}


// Grab the passed url, otherwise return an error message. I mean, what's the point redirecting to a 
$url = (isset($_GET['url'])) ? trim($_GET[url]) : false;
// if the URL wasn't defined or was left empty
if(!$url || empty($url))
{
	triggerFail('There was no URL passed along, so there was nowhere to send you.', RDTI_REDIRECT_ON_FAIL);	
}


// Now the we know something was passed, let's make sure it's not a malformed URL (or some javascript xD)
// If it's malformed we can tell them or bounce away
// Edit this reg ex to suit your own needs
$regex = '/^(((http|ftp|https|ftps):\/\/)?|(www\.))+(([a-zA-Z0-9\._\-]+\.[a-zA-Z]{2,6})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(\/[a-zA-Z0-9\&amp;%_\.\/\-~\-]*)?$/'; // Found at http://regexlib.com/REDetails.aspx?regexp_id=1048

if(!preg_match($regex, $url))
{
	triggerFail('The URL passed was malformed (not entered correctly).', RDTI_REDIRECT_ON_MALFORMED);
}


// Now let's split the URL up and make sure it isn't whitelisted. If it's on our whitelist we'll skip the rest and
// send them on their merry way (generally internal links should be whitelisted)
$urlParsed = parse_url($url); // Parse the URL
// If no scheme is set, then we're going to assume they forgot the http and add it on and then reparse it
if(!isset($urlParsed['scheme']))
{
	$urlParsed = parse_url(RDTI_DEFAULT_SCHEME.$url);
}

// We are going to walk through the whitelist and check the site domain against it
$listed = false;
function listWalkCheck($list, $key, $urlParsed)
{
	$domain = str_ireplace(array('.'), array('\.'), $list);
	$exp = '/(.*)('.$domain.')$/';

	if(preg_match($exp, $urlParsed['host']))
	{
		global $listed;
		$listed = true;
	}
}
array_walk($whitelist, 'listWalkCheck', $urlParsed);

if($listed)
{
	// The URL specified is internal/whitelisted, so let's bounce there
	header("Location: {$url}");
	exit;
}


// We've come this far, and so now we want to make sure the URL doesn't redirect further
// We do this as scammers will hide their real destinations behind services such as tinyurl.com or is.gd
$theURL = checkURL($url); // A lot of code isn't it? xD
$parsedURL = parse_url($theURL);

// Now we have a URL to check against a blacklist
// Works exactly the same as our whitelist
$listed = false;
array_walk($blacklist, 'listWalkCheck', $parsedURL);
// Results are stored in $listed and called further below

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Warning!</title>
<style type="text/css">
*
{
	padding: 0;
	margin: 0;
}
p
{
	padding-bottom: 15px;
	margin-top: 10px;
	margin-bottom: 10px;
}
h1
{
	padding: 10px;
	font-size: 45px;
}
#thebox
{
	width: 700px;
	margin: 50px auto;
	text-align: center;
	font-family: Helvetica, Lucida, "Lucida Sans", system;
	font-size: 20px;
	border: 1px solid #FF0000;
}
#head
{
	background: #FF0000;
	color: #FFF;
	padding: 5px 5px;
}
#body
{
	padding: 5px;
}
#thelink
{
	padding-bottom: 20px;
	
}
</style>

</head>

<body>

<?php if(!$listed){ ?>
<div id="thebox">
	<div id="head">
		<h1>You Are Leaving Indeedle!</h1>
	</div>
	
	<div id="body">
		<p>The link you clicked is leading you out of Indeedle.com!<br />
		Do not enter your account info <strong>EVEN IF IT LOOKS LIKE INDEEDLE!</strong></p>
	
	
	<div id="thelink">
		<a href="<?php echo $theURL; ?>"><?php echo $theURL; ?></a>
	</div>
	
	</div>
	
	<div id="footer">
		<p>The site you're visiting is NOT part of Indeedle!<br />Do not enter your password there!</p>
		<p class="big"><strong>Following this link WILL NOT log you out of Indeedle!</strong></p>
	</div>

</div>
<?php } else { ?>
<div id="thebox">
	<div id="head">
		<h1>You Clicked A Malicious Link!</h1>
	</div>
	
	<div id="body">
		<p>The link you clicked leads you to <strong><?php echo $parsedURL['host']; ?></strong> which is on our blacklist and so cannot be accessed through Indeedle.</p>
		<p>If someone gave you this link to click please go back and rpeort the PM or post!</p>
	

	</div>
	
	<div id="footer">
		<p><a href="javascript:history.back();">Go Back!</a></p>
	</div>

</div>
<?php } ?>

</body>

</html>